Home | News (Page 1) | Star Dot Star

Help Stop Email Abuse

Protect Yourself from Spam, Spoofed or Phishing Email Exploits

Randy Harris

August 28, 2006 (18:06:17 EST)

Every day many of the one billion plus people who use the internet receive unsolicited email messages from individuals and organizations.

If only 1 out of 4 of the users received one piece of email spam, that would be 250,000,000 peices of electronic junk mail.

World Population / Internet Usage & Growth

Population ( 2006 Est.)	Internet Usage, Latest Data	% Population ( Penetration )	Usage Growth 2000-2005
6,499,697,060	1,043,104,886	16.0%	189.0%

source: www.internetworldstats.com

Most large internet services provide email addresses such as "spoof@eBay.com", "abuse@hotmail.com", "abuse@aol.com", etc.

If you receive spam, it may be more than just a harmless junk-mail ad for low rate mortgages or online pharmaceuticals --- it could be a phishing message. A phishing message is one that usually contain a link or suggests you visit their website, email them call them on the phone. A phishing email may appear to come from a company you do business with, (phishing scams usually involve banks, credit card companies, eBay, Amazon and other online sellers, or PayPal type online payment services). Beware, these emails are attempts to collect information about you which could be used to compromise your financial accounts.

So, how do you protectect yourself?

Reporting spam is the #1 way to protect yourself.

First and foremost, never click on a link in an email message unless you are 100% sure of who sent it to you. Most reputable online companies you deal with will tell you to go to their normal home page and log into your account. Email advertisements and news letters will direct you to a specific page of their website or direct you to call them on a phone number that is published on their website.

If the email is suspicious, you will want to forward it with complete message headers to the proper authority. Check the website for the company and look for where they would like the report sent -- they may refer to it as "Filing a spam report" or "Reporting Email Abuse". (NOTE: In cases where you beleive a spammer has already accessed your personal or financial information, you should take steps to contact the institutions involved by phone or in writing. They will inform you if you should contact law enforcement).

Where do I send a spam report?

In most cases, the report will be sent to a mailbox for "abuse", example: abuse@hotmail.com, abuse@aol.com... etc.

Once you send the report you should receive a confirmation that they received your report. It will start out similar to the text below, and may contain additional instructions.

"...Thank you for contacting (company) about a potential fraudulent (spoof) email or Web site. We will investigate this situation immediately and inform you of the results in a separate email. If you are reporting an email or a Web site that is asking for personal financial information, it is best to assume it is fake until you receive a response from us."

Shortly after you recieve the confirmation that they have received the suspicious email you should get another email telling you the outcome of their investigation.

"...Thank you for writing to (company) regarding the email you received. Emails such as this, commonly referred to as "spoof" or "phished" messages, are sent in an attempt to collect sensitive personal or financial information from the recipients. The email you reported was not sent by us. We have reported this email to the appropriate authorities."

In the case of messages that are just plain spam, the addresses may be "spoofed". This means that even though the message appears to come from "example.user@example.xyz", it is most likely not from that user. In this case you will need to look at the email header which tells the names and addresses of the email systems that the message passed through to get to you.

At some point in the header, you will recognize the name of you ISP's mail server, or if you own your own website and the message went to an email account for your domian, you wil lfind the name of your mhosting companies mail server, (this may appear as "mailhost.yourisp.xyz" or "mail.yourdomain.xyz").

You will want to trace back the info in the header using a "WHOIS" service and see if the numeric IP address matches the name of the mailserver. If it does, forward to the message to the email abuse or security administrator at that service.

By reporting spam you are helping to catch spammers. Every message contains some clue to either trace the message back to its original sender, or at least gives the mail-server admins information to add to their filtering software to stop the spam message from making it to your in-box.

###